Many security vendors boast that they have the best analytics in the game, but the question CIOs should ask is, “Is this a real-time, advanced security analytics offering?” Johna Till Johnson, CEO of Nemertes Research, explains in this webcast transcript.
After reading, take a close look at the graphic above to better understand what an advanced security analytics tool does, why enterprise organizations need it, who makes it and where it's headed.
Advanced security analytics is a little bit interesting, because right now, every single security vendor will swear that it has the best analytics on the market, regardless of what they do. That's not quite what I'm looking at when I'm looking at this. I'm looking at tools that actually really focus on the analytics and are not also providing secure Web gateway, firewalling service or DLP capabilities.
The real advantage to advanced analytics is that they provide proactive and responsive real-time analysis of security events. And this is important because we're all used to forensics, but it's not very helpful to find out that somebody attacked your organization two weeks ago, particularly when a lot of these attacks only have to last minutes before they've done their damage. So, finding out that you were attacked two weeks ago for two minutes is not useful, because now it means everything you've done has been compromised since then.
What you want to know is, 'Hey, there is an attack underway. It's happening right now.' And shut that down in 30 seconds before it completes the infection, or whatever it was that it was doing.